Consul Service Mesh Support for AWS Lambda Now in Public Beta
HashiCorp Consul support for AWS Lambda is now available in public beta enabling services in the mesh to invoke AWS Lambda functions.
We are excited to announce the public beta of HashiCorp Consul service mesh support for Amazon’s serverless functions service: AWS Lambda. This release will ensure service mesh users can now take advantage of consistent workflows and encrypted communications from all mesh services to all upstream workloads including Lambda functions.
As organizations focus on getting to market faster, serverless adoption helps developers accelerate application development. Datadog’s State of Serverless Survey shows that AWS Lambda is leading the serverless landscape. However, effectively integrating AWS Lambda into a service mesh requires first-class support. Previously, other Lambda integrations bypassed the service mesh. This beta release addresses these limitations by extending Consul service mesh capabilities and secure communications to AWS Lambda in addition to existing support for Kubernetes, virtual machines, HashiCorp Nomad, and Amazon ECS.
»Integrating AWS Lambda Functions
Registering Lambda functions into Consul is automated using the Consul Lambda service registrator. This integration provides a simplified way to register AWS Lambda functions into the service mesh. The new Consul Lambda registrator Terraform module is used to deploy Lambda registrator. Here is example code for deploying the registrator:
module "lambda-registrator" {
source = "hashicorp/consul-lambda-registrator/aws//modules/lambda-registrator"
name = "consul-lambda-registrator"
consul_http_addr = "https://consul.example.com:8501"
}
The Lambda registrator automatically registers all Lambda functions that you have tagged with serverless.consul.hashicorp.com/v1alpha1/lambda/enabled: true into the service mesh. This happens in three main steps:
- Whenever you create, tag, or untag Lambdas, AWS will log the events into CloudTrail.
- EventBridge routes the events to the Lambda registrator.
- The Lambda registrator registers the Lambda as a Consul service and stores a service-defaults configuration entry.
Once registered, you need to set the Lambda service as an upstream for any services that will use it. Then, you can call it like any other mesh service.
service {
…
proxy = {
…
upstreams {
local_bind_port = 1234
destination_name = "lambda"
}
}
}
Service-to-Lambda communication shares the same reliability, observability, and security benefits that the Consul service mesh provides. For example, you can use Consul intentions or traffic management on Lambda services the same way you would use them with other services.
»Getting Started
To learn more, please visit the Consul Lambda documentation.
As is typical with beta releases, we recommend against using Consul’s Lambda support in a production environment, but we encourage you to experiment with this new capability in a controlled environment. We are eager to hear about your experiences and would appreciate receiving feedback via this form. We will do our best to get back to you promptly. If you encounter an issue, please file a new bug report in GitHub.
Sign up for the latest HashiCorp news
More blog posts like this one
HashiCorp at AWS re:Invent: Your blueprint to cloud success
If you’re attending AWS re:Invent in Las Vegas, Dec. 2 - Dec. 6th, visit us for breakout sessions, expert talks, and product demos to learn how to take a unified approach to Infrastructure and Security Lifecycle Management.
Consul 1.20 improves multi-tenancy, metrics, and OpenShift deployment
HashiCorp Consul 1.20 is a significant upgrade for the Kubernetes operator and developer experience, including better multi-tenant service discovery, catalog registration metrics, and secure OpenShift integration.
New SLM offerings for Vault, Boundary, and Consul at HashiConf 2024 make security easier
The latest Security Lifecycle Management (SLM) features from HashiCorp Vault, Boundary, and Consul help organizations offer a smoother path to better security practices for developers.